99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 09:50

Target

99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
Size

690KB
MD5

b1e840d995defd7465d6916635a995a0
SHA1

7b105a331d08b45b6a9c5683d0f80b66638ad52d
SHA256

99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b
SHA512

5049a1470f5ca9f78152bc23e3e21036f5c91001cf4e8d77f98f8a5750c309049215170fe2b20c0e5c4bf03d4f7dfa6ccfacf9e8371d60a50ee9676d49167709
SSDEEP

12288:Osh4EkBSp+n5mtmnTr9qUbQ2j3Gzu40gYwKVtNOtBGM9yxPQjgwCcrzwD8VF2wyS:J6Yp+n5trcAQ2j3rnYIM9y5rCza8pyqt

Score

7^/10

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral1/memory/2756-0-0x0000000000400000-0x0000000000562000-memory.dmp	vmprotect
behavioral1/memory/2756-1-0x0000000000400000-0x0000000000562000-memory.dmp	vmprotect
behavioral1/memory/2756-2-0x0000000000400000-0x0000000000562000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe

pid	process
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
2756	99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\99eb923f5aaa019da3b0003c73939ecaec2a8e1978fd87bb9c1e20cc5dca2e1b_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2756

memory/2756-0-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/2756-1-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download
memory/2756-2-0x0000000000400000-0x0000000000562000-memory.dmp

Filesize
1.4MB

Download